certdb: accumulate extracted certs as list of PEMs

certdb.NSSDatabase.import_files currently accumulates certificates extracted from input files as a string, which is ugly. Accumulate a list of PEMs instead, and join() them just in time for PKCS #12 creation. Part of: https://fedorahosted.org/freeipa/ticket/6178 Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Tomas Krizek <tkrizek@redhat.com>
2024-12-23 07:33:27 -06:00 · 2016-11-18 10:04:24 +10:00 · 2016-11-18 10:04:24 +10:00 · cc5b88e5d4
commit cc5b88e5d4
parent c7ea56c049
1 changed files with 8 additions and 7 deletions
--- a/ipapython/certdb.py
+++ b/ipapython/certdb.py
@ -203,7 +203,7 @@ class NSSDatabase(object):
        """
        key_file = None
        extracted_key = None
-        extracted_certs = ''
+        extracted_certs = []

        for filename in files:
            try:
@ -234,7 +234,7 @@ class NSSDatabase(object):
                                    filename, line, e)
                                continue
                        else:
-                            extracted_certs += body + '\n'
+                            extracted_certs.append(body)
                            loaded = True
                            continue

@ -252,7 +252,7 @@ class NSSDatabase(object):
                                    filename, line, e)
                            continue
                        else:
-                            extracted_certs += '\n'.join(certs) + '\n'
+                            extracted_certs.extend(certs)
                            loaded = True
                            continue

@ -302,7 +302,7 @@ class NSSDatabase(object):
                pass
            else:
                data = x509.make_pem(base64.b64encode(data))
-                extracted_certs += data + '\n'
+                extracted_certs.append(data)
                continue

            # Try to import the file as PKCS#12 file
@ -343,14 +343,15 @@ class NSSDatabase(object):
            raise RuntimeError(
                "No server certificates found in %s" % (', '.join(files)))

-        certs = x509.load_certificate_list(extracted_certs)
-        for cert in certs:
+        for cert_pem in extracted_certs:
+            cert = x509.load_certificate(cert_pem)
            nickname = str(DN(cert.subject))
            data = cert.public_bytes(serialization.Encoding.DER)
            self.add_cert(data, nickname, ',,')

        if extracted_key:
-            in_file = ipautil.write_tmp_file(extracted_certs + extracted_key)
+            in_file = ipautil.write_tmp_file(
+                    '\n'.join(extracted_certs) + '\n' + extracted_key)
            out_file = tempfile.NamedTemporaryFile()
            out_password = ipautil.ipa_generate_password()
            out_pwdfile = ipautil.write_tmp_file(out_password)